CVE number: CVE-2012-4767
The private key data is in the securitylayer.log file in a directory called "logs.9772". This key could potentially be used to decrypt communications between the client and server and ultimately affect the security policies applied to the machine. An attacker may be able to decrypt and potentially change the Safend security policies applied to the machine.

CVE number: CVE-2012-4760
The SDBagent service has 'WRITE_DAC' privileges set for all local users. The WRITE_DAC privilege would allow a local user to rewrite the acl and give himself full control of the file which could then be trojaned to gain full local admin privileges. The following is the output from the cacls command:

An attacker may be able to elevate privileges to local administrator level.

CVE number: CVE-2012-4760
The SDPagent service has 'WRITE_DAC' privileges set for all local users. The WRITE_DAC privilege would allow a local user to rewrite the acl and give himself full control of the file which could then be trojaned to gain full local admin privileges. The following is the output from the cacls command:

This could allow a user with write access to the c: drive to create a malicious C:\program.exe file (or even "c:\program files\safend\data.exe") which would be run in place of the intended file. An attacker may be able to elevate privileges to local system level.

CVE number: CVE-2012-4761
The SDPAgent Windows service path has spaces in the path and is not quoted:

This could allow a user with write access to the c: drive to create a malicious C:\program.exe file (or even "c:\program files\safend\data.exe") which would be run in place of the intended file. An attacker may be able to elevate privileges to local system level.